Impersonate
Customisable object selector.
Introduction
The Impersonate selector is responsible for presenting a list of objects (in a grid) for the user to select from.
The Impersonate selector completes when the user has selected an option.
Can be nestled with other authenticators, selectors and chains.
Configuration
Common Authenticator configuration can be found here.
pipe_id
Reference to the pipe responsible for collecting the data to be presented in the grid.
N/A
identifier_attribute
What attribute serves as the selected identifier.
"sAMAccountName"
selected_id_parameter
Name of attribute where selected identifier will be put.
"object_id"
include_self
If the authenticated user should be a selectable option. Enables the 'Login as myself' button.
false
show_filtering
Enable filtering in UI.
true
exec_if
An expression that determins if this authenicator should be executed or not. If left unconfigured, the authenticator will execute.
N/A
auto_select
Automatic selection if only one option is available.
false
webroot_dir
See common authenticator configuration
web/authenticator/impersonate_selector
custom_identifier
Tag used for event separation
N/A
// Use case - To act on behalf of someone else
// Supported by default together with Fortified ID Password reset same Fortified ID Enrollment.
// Function is supported to be used for any SAML SP application.
{
"id": "impersonate",
"type": "Impersonate",
"display_name": "Impersonate",
"config": {
"base_path": "${globals.default_login_suffix}",
"expiry": "PT1S",
"overlay_dir": "${globals.default_overlay_dir}",
"exec_if": "mv.containsAny(exports.spEntityID, 'https://dev.fortifiedid.se/pwdreset/', 'https://dev.fortifiedid.se/enrollment/')",
"pipe_id": "impersonate_selector_pipe",
"values": [
{
"key": "displayName",
"label": "label1"
},
{
"key": "sAMAccountName",
"label": "label2"
},
{
"key": "mail",
"label": "label3"
}
],
"show_filtering": true,
"include_self": true,
"custom_identifier": "FortifiedID_Test",
"identifier_attribute": "mail",
"selected_id_parameter": "object_id"
},
"description": "The Impersonate selector is responsible for presenting a list of objects (in a grid) for the user to select from."
} // Use case - Choose persona
// If your login is associated with multiple accounts, select the account you want to log in with.
{
"id": "choose_persona",
"type": "Impersonate",
"display_name": "Choose persona",
"config": {
"base_path": "${globals.default_login_suffix}",
"expiry": "PT1S",
"overlay_dir": "${globals.default_overlay_dir}",
"pipe_id": "choose_persona_pipe",
"auto_select": true,
"values": [
{
"key": "displayName",
"label": "ChoosePersonaName"
},
{
"key": "sAMAccountName",
"label": "ChoosePersonaUserID"
},
{
"key": "mail",
"label": "ChoosePersonaMail"
}
],
"show_filtering": true,
"include_self": false,
"custom_identifier": "FortifiedID_Test",
"identifier_attribute": "mail",
"selected_id_parameter": "mail"
},
"description": "The Impersonate selector is responsible for presenting a list of objects (in a grid) for the user to select from."
}Values
The values array represents the columns to be shown in the grid.
key
Item parameter. The value will be presented in the column for each object.
label
Column label translation key.
"values":[
{
"key":"displayName",
"label":"label1"
},
{
"key":"givenName",
"label":"label2"
},
{
"key":"sAMAccountName",
"label":"label3"
},
{
"key":"mail",
"label":"label4"
},
{
"key":"cn",
"label":"label5"
}
]Data exposed to global state
When a value is selected, the Impersonate authenticator is marked as done and populates the configured selected_id_parameter property with the identifier value obtained from the selection.
Logging
WEB_100040("Impersonate selector completed")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_USER_NAME (id of selected object if anything selected, pipe not empty)
SOURCE_ADDRESS (ip of the remote session)
AUTHENTICATOR_ID (id + display_name of authenticator)
WEB_100041("Impersonate selector completed - self selected")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
AUTHENTICATOR_ID (id + display_name of authenticator)
API
API follows the general conventions of the Fortified Web Authenticator API.
Messages
Selector authenticators supports the following messages:
Init (request+response)
Init message must be sent before/during the view is loading. Response contains the options that should be presented to the user.
Init may be called while authenticator is in progress under the following circumstances:
Callback from selected authenticator
Browser reload (user refreshes page)
Browser back (user cancels selected authenticator and navigates back)
{
"type" : "init",
"data" : {}
}{
"type" : "init",
"success" : true,
"data" : {
"options" : [
{
"id" : "<option-id>",
"target" : "<authenticator-id>",
"label" : "<option-text-or-translation-key>
},
]
}
}Selected authenticator failed
The selected authenticator failed.
Unknown status: <status>
The selected authenticator has an unknown status (Not PENDING, IN_PROGRESS, COMPLETED or FAILED)
Invalid status: <status>
Protocol error. Init called when authenticator is not in status PENDING or IN_PROGRESS.
Action (request+response)
The action message is used for selecting an option. This message is triggered by a user action.
{
"type" : "action",
"data" : {
"selected" : "<option-id>"
}
}{
"type" : "action",
"success" : true,
"data" : {
"location" : "<path-to-selected-authenticator>"
}
}Invalid option: <option-id>
An invalid option-id was supplied. Only option-ids from init are valid.
Invalid state
Protocol error. Operation is called in an invalid state, for example if action is called before init.
Complete (response)
The complete response message is sent when the authentication has completed. If message contains a location property; view must redirect user agent to the supplied location.
{
"type" : "complete",
"success" : true,
"data" : {
"location" : "<next-location>"
}
}Translation keys
Default translations provided:
English, assets/locales/en.json
{
"impersonate_selector.header": "Choose",
"impersonate_selector.paragraph": "Choose a user to impersonate",
"impersonate_selector.label1": "Label 1",
"impersonate_selector.label2": "Label 2",
"impersonate_selector.label3": "Label 3",
"impersonate_selector.label4": "Label 4",
"impersonate_selector.label5": "Label 5",
"impersonate_selector.label6": "Label 6",
"impersonate_selector.label7": "Label 7",
"impersonate_selector.label8": "Label 8",
"impersonate_selector.label9": "Label 9",
"impersonate_selector.label10": "Label 10",
"impersonate_selector.error": "An error occured",
"impersonate_selector.cancel": "Cancel",
"impersonate_selector.self_button": "Login as myself",
"allow-cookies-body": "To save your language settings on this device you need to approve a language cookie.",
"allow-cookies-button": "Approve language cookie",
"table.page": "Page {{pageIndex}} of {{pageCount}}",
"change_language": ""
}
Swedish, assets/locales/sv.json
{
"impersonate_selector.header": "Välj",
"impersonate_selector.paragraph": "Välj en användare att logga in som",
"impersonate_selector.label1": "Rubrik 1",
"impersonate_selector.label2": "Rubrik 2",
"impersonate_selector.label3": "Rubrik 3",
"impersonate_selector.label4": "Rubrik 4",
"impersonate_selector.label5": "Rubrik 5",
"impersonate_selector.label6": "Rubrik 6",
"impersonate_selector.label7": "Rubrik 7",
"impersonate_selector.label8": "Rubrik 8",
"impersonate_selector.label9": "Rubrik 9",
"impersonate_selector.label10": "Rubrik 10",
"impersonate_selector.error": "Ett fel har inträffat",
"impersonate_selector.cancel": "Avbryt",
"impersonate_selector.self_button": "Logga in som mig själv",
"allow-cookies-body": "Vill du spara dina språkinställningar på denna enhet behövs ett godkännande av språk-cookie.",
"allow-cookies-button": "Godkänn språk-cookie",
"table.page": "Sida {{pageIndex}} av {{pageCount}}",
"change_language": ""
}